From 22bd0b184835e7eed1fdcd88ccd81ecdb933d2ff Mon Sep 17 00:00:00 2001
From: Roland Fredenhagen <dev@modprog.de>
Date: Fri, 10 Jan 2025 13:38:41 +0100
Subject: [PATCH] Add `blob:` to `frame-src` `Content-Security-Policy`

Signed-off-by: Roland Fredenhagen <dev@modprog.de>
---
 lib/Controller/SiteController.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/Controller/SiteController.php b/lib/Controller/SiteController.php
index c5f3c316..17c90d68 100644
--- a/lib/Controller/SiteController.php
+++ b/lib/Controller/SiteController.php
@@ -100,6 +100,7 @@ protected function createResponse(int $id, array $site, string $path = ''): Temp
 		$policy = new ContentSecurityPolicy();
 		$policy->addAllowedWorkerSrcDomain('*');
 		$policy->addAllowedFrameDomain('*');
+		$policy->addAllowedFrameDomain('blob:');
 		$response->setContentSecurityPolicy($policy);
 
 		return $response;